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Securities Firm A 



FX Trading 
Engine 



Securities 
Accounting 



T 



Transform 
ation 



Typical Technology Used 
Customized adapter 
Preagreed interface format'standard 
EDI translator 



Customer B 



* Transform - 
$ at Ion 



Order 
Management 



Payment 
Gateway 



When to Use 
Point-to-point exchange, tight 
integration 

Limited number of trading partners 
Relatively static data formats 

Based Gfi: Y<=e& Apte. Integrating tour e-Business Enterprise. SAMS, 2001. 
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Typical Technology Used 

Stan da rd i zed horn e-g rown/cus tomi ze d 

adapter 

Standardized interface format/API 
standard 

EDI translator/EAl or middleware 



When to Use 

Strong urge for standard build 
Point-to-point exchange, tight 
integration 
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Typical Technology Used 
Synchronous/asynchronous database 
replication (push-pull) 
Database/message centric applications 
EAI/Messaging middleware (e.g., RV-TX 
JMS with JMS Bridge or JMS-SOAP) 



When to Use 

Highly centralized business 

applications 

No geographical location constraints 
Local spokes are for backup/ 
performance benefits (e.g. : faster 
access, MIS) 
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Asia Pacific Region 



Europe Region 



Typical Technology Used 
Synchronous/asynchronous database 
replication (push-push) 
Database/Message centric applications 
EAl-Messaging middleware, (e.g.. RV-TX 
JMS with JMS Bridge or JMS-SOAP) 



When to Use 

Highly distributed business applications with 
local control 

Geographical location constraints 
Partition different hubs for different products or 
transaction types, where replications are for 
back-up purpose 
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data 



Re-publish to 
delrvery via 
other channels 




Email 
(SMTP Server] 



FTP 



XAO0 
MTA 



Typical Technology Used 

E A l/Messaging middleware, e.g.. Amtrix, 

Mercator 

EDI Translator 

JMS or non^JMS middleware 



When to Use 

Complicate data transformation or work flow 
Multi-channel delivery support, (e.g., email, tax. 
EDI) 
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Typical Technology Used 
Vendor/off-t he-she If XML adapter 
Preagreed XML standards/variants 
XML Web Services 



Customer B 



(XML^ 




Siebel 
CRM 



Oracle 9j 



When to Use 

Loosely coupled integration 

Large number of trading partners 

Multiple systems need to be 

integrated 

Based co: Yee&Apte. Integrating \bur e- Bus iness Enterprise. SAMS. 2001. 
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Execute 
Order Event 



Calculate 
Risk Event 



Typical Technology Used 
Customized work flow integration tools 
Preagreed message formats/APIs 



When to Use 

Tightly coupled integration 

Small number of trading partners 

Strong business sen/ice integration needs 



Basod on: Y« A Apia. Intagraiing Vbui a-Suanass Entaip*co. SAMS. 2COI. 
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Typical Technology Used 
Customized workflow integration tools 
Preagreed message formats' APIs 
"Shared" process integration tools for 
public events 



When to Use 

"Co-branded" business services 

Tightly coupled process & technical integration 

Small number of trading partners 
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Typical Technology Used 
Hyrtorid integration methods 
P re-ag reed rn essag e f o rmats/ AP Is 
XML Web Services 
HTTP/S GET or POST 



When to Use 

Brokering similar services with a single front-end 
(service-provider neutral)' 
Loosely coupled process & technical integration 
Large number of trading partners 
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Typical Technology Used When to Use 

Hyrbrid integration methods Brokering lowest price of similar services with a 

Preagreed message formats^'APIs single front-end (Service -Provider neutral) 

XML Web Sen/ices Loosely coupled process & technical integration 

HTTP/S GET or POST Large number of trading partners 

Price-sensitive & homogeneous products 
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Integration Patterns When to Use 



Benefits 



Consideration 



Application to 
Application 


Point-to-point 
exchange 


Tight integration 


Limited scalability 


Standard Build 


Strong branding 
Strong urge to 
standardize 


Reduce deployment 
effort 

Standardized service, 
faster deployment 
with no customization 


Consensus on 
standard builds 


Hub-Spoke 

Replication 

Federated 

Replication 

Multi-step 

Application 

Integration 


Hub-spoke business 
model 

In tra-ente iprise 
integration 


Flexible workflow 
integration 
Reliable and 
consistent multi-step 
application 
integration 


I nter-ente iprise 
integration with 
many customization 
options 


Data Exchange 


Large number of 
nartners to integrate 
with heterogeneous 
platforms & standards 


Accom m odati n g 
differences in 
standards/interfaces 


Emerging standards 

and r Ai n ol o<rv 


Closed Process 
Integration 
Open Process 
Integration 


Shared business 
processes 

Wo rkfl ovv-o li en ted 
services 


Richer support for 
process integration 
Cohesive and tightly 
integrated services 


Complexity for 
partners to agree and 
implement 


Service 

Consolidation- 
Broker Integration 


Single front-end for 
multiple Service 
Providers 


Added values and 
S e rvice -P rovi de r 
neutral 


Handling service 
failure of partners 



Reverse Auction- 
Broker Integration 
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integration 
Patterns 


lypicai 

Technology/ 

Used 


1 yp i ca i 

Standards 

Used 


Examples 


Application to 
Application 


Customized adapters 
EDI translator 


Proprietary 
XML variants 


Ariba 

Commerce One 


Staii da ixl Build 


Proprietary 


Proprietary 


Hexagon 


Hub-Spoke 

Replication 

Federated 

Replication 

Multi-step 

Application 

Integration 


EAI solutions, such 
as Am true, M creator, 
and TIBCO 


JMS. SOAP-JMS 
binding 


eXonomy 


Data Exchange 


XM L Web Services 


XML and SOAP, 
UDDI,WSDL 


AIG 

Visa Commerce 


Closed Process 
Integration 
Open Process 
Integration 


EAI solutions or 
middleware, such as 
Sun ONE 
Integration Server 
EAI edition. XML 
Web Se iv ices 
technology 


BPEL4WS 




Service 

Co ns o li dati on— 
Broker Integration 
Rev erse Auction- 
Broker Integration 


Hybrid of any 

integration 

technology 


Hybrid of any 
integration standards 


Yahoo! 

Digilogistics 

(obsolete) 

CFOWeb 

Vcbeq (obsolete) 

Bumiputra 

Commerce Bank 
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Security 
Mechanism 


Examples of 
Security Protection 


Security Standards 
Specifications 


Service 
Negotiation 


Identity 
management 

Access control 
and policy 
management 
Single Simi-on 


Liberty-compliant 
Identity Server 

Access control for XML 

messages 

Single Sign-on products 


Idea titij management — 
Liberty 1.1. XML Key 
Management Specification 
(XKMS), WS-Federation 
Fntithmipnt 55 A MT 

XACML, WS-Authorization 

Policy— WS- Policy 
Others — WS-Secure 
Conversation WS-Tmst 
WS-Privacv 


Service 
Discovery 


Seivice Registry 
security 


UDDI Service Registry- 
security features 
Protection forWSDL 
documents 


UDDI 
VVSDL 


Transaction 
Routing 


Messaging 
security 


Data encryption 
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Key management and 
managing credentials 


XML Enciyption (XML- 
ENC) 

XML Signature (XML- 
DSIG) *~ 
WS-Securify 
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Data transport 
security 


128-bit SSL with HTTPS 
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Internet 


Network 
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security 
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level encryption 
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system security 

Penetration 
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Testing 
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Security Technology 
or Standards 


Security 
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Trust Domains 


Key management 


XKMS 

Host security hardening 


Authentication 
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Authentication 
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Availability 
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security 
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Client and host security hardening 
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Acquire a V/SDL rtreument And 

sniff for a copy of SQfr.p massage from internal 

network 



<mas&acje nane=' transferFundRequest "> 

<part narne="account1" type= M xsd:strinc//> 

<part name='account2* t>pe=" xsd:5trinc//> 
^rneasage> 

^massa^e rane=" transferFundResponse "> 

<part name=" Result" type=" xsd.-fbaf/> 
</message> 



SOAP messages s&nt in dear text owe* 



Web Service 
Client 



HTTP 



Web Service 
RFC Ftouter 



Man-in-the-Middle Attack 




Web Service 
Piocy 



Web Servce 
(Application 1 ) 



Web Service 
(Application 2) 



Mxifr SPAP message and post it to the sen/ire end -print URL 

< transferFundRequest > 
xacoounM name=' Mr Good Guy" operation ^'ctebit" 

amount= '230,000' cu rrency= USD" number="320 - 2330-234" f> 
<accounL2 name=' Mr Bad Guy" operation ="credit" 

amount="230,000" currency ='USD" nuntjef='B22 -1220-212" /> 
•c/transfeiFundReqLiest > 
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Web Sei vices 
Objects 


Location 


Remarks 


Web 

Container 




In this example, this is Apache Tomcat 4.x. 


V- 1 Sfc: I aL-L fcrSS 

control list 


tomcat-use rs.xml 


1 li i c Ti 1 o r'nnfuinc #"mo ncor nomoc near n'jcounrrlc 
1I11N l.llfc? LUI Hell UN lilt: l.lSei 11 til lies, llStfl [JclS>VVOl LIN. 

and roles that are allowed to access and execute 
resources under the Web Container. 


Server 

configuration 
file 


D:\Dev\WSDPNconf\ 
serve nx ml 


This file contains the server configuration (for 
example, port number) for miming the Tomcat 
server. 


Log Files 


Web 

Container 
log files 


D:\Dev\WSDFdogs 


In this example. Tomcat log files are used. This 
directory contains log files for Tomcat server 
(CatalintLOUt), server administration log 
(loealhost_admin_log*.logand access_log*.log and 
services_JogMog), as well as Sendee Registry log 
(xindiee.log). 


Developer 
tool log files 


D:\Dev\WSDPMogs\ 
jwsdp_log*.log 


In this example, Java Web Services Developer 
Pack's log files are shown. 


Service 
Registry 
update activity 
log file 


D:\Dev\WSDP\tools\ 
xindice\logs\vindioe. log 


In this example, the Xindice database activity log 
file is used. 


Message 
Provider 


ehXML 

message 

provider 

administration 

logs 


D:\Dev\WSDP\work\ 
Services Engines\ 
j axm -p ravide iNebxm 1 


There are four subdirectories that contain the 
messages received, sent, to be dispatched, and to 
be sent. This denotes the physical location where 
the JAXM message provider will send or receive 
the messages with the reliable message delivery 
capability. 
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SOAP Remote 

Provider 

message 

provide r 

administration 

logs 


D:\Dev\WSDP\work\ 
Services Engines\ 
laxm-prov lciei \soaprp 


There are four subdirectories that contain the 
messages received, sent, to be dispatched, and to 
be sent. This denotes the physical location where 
the SOAP remote message provider will send or 
receive the messages with the reliable message 
delivery capability 


Service 
Registry 




m j a v a we d rv i ces lj&v eiopei sr ac k, u uui 
Service Registiy is implemented vising Xindice 
object database. 


Service 
Registry files 


D:\Dev\WSDF\tools\ 
xindiceNdb 


This file location contains the subdirectory* 
'system' for the object database system files and 
security* information, and the subdirectory 'uddf 
for the actual UDDI data store. 


WSDL 

documents 


N/A 


In this demo environment, the WSDL documents 
are generated dynamically and do not store in the 
Service Registry. 
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Client 


Presentation 


Tiers 
Business 


Integration 


Resource 


Application 

Platform 

Layer 


User id and 
password are 
used for 
authentication. 


Control 
Seivlet uses 
HTM L and 
JSP for 
presentation 
and inquiry. 

JSPs can be 
cached to 
enhance 
performance. 


Java beans 
are used to 
implement 
some of the 
business 
logic. 

The remote 
FX Quote 
Service is a 
black box, 
accessible via 
JAX-HFC. 


N/A 


N/A 


Virtual 

Platform 

Layer 


HTTP 

HTTPS with 
SSL can be 
used for 
better 
security. 


HTTP 

HTTPS with 
SSL can be 
used for 
better 
security. 


JAXM-TSIK 

Message 

Provider 

provides 

secure 

messaging 

transport for 

SOAP 

messages 

over HTTP 


] AX- RFC, 
JAXM are 

iicpr] fn 

integrate 
different 
remote 
services. 


JAXR is used 
to access the 
Service 
Registry 


Upper 

Platform 

Layer 


In the future, 
128-bit SSL 
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